Softwire                                                   S. Jiang, Ed.
Internet-Draft                              Huawei Technologies Co., Ltd
Intended status: Standards Track                              Y. Fu, Ed.
Expires: August 4, 2018                                            CNNIC
                                                                  B. Liu
                                            Huawei Technologies Co., Ltd
                                                               P. Deacon
                                                      IEA Software, Inc.
                                                                  C. Xie
                                                           China Telecom
                                                                   T. Li
                                                     Tsinghua University
                                                            M. Boucadair
                                                                  Orange
                                                        January 31, 2018

    RADIUS Attribute for Softwire Address plus Port based Mechanisms
                    draft-ietf-softwire-map-radius-14

Abstract

IPv4-over-IPv6 transition mechanisms provide both IPv4 and IPv6
connectivity services simultaneously during the IPv4/IPv6 co-existing
period. The Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
options have been defined to configure Customer Edge (CE) in MAP-E,
MAP-T, Lightweight 4over6 and PREFIX64 option for Multicast Basic
Bridging BroadBand (mB4) in multicast scenarios. However, in many
networks, the configuration information may be stored in an
Authentication Authorization and Accounting (AAA) server, while user
configuration information is mainly provided by the Broadband Network
Gateway (BNG) through the DHCPv6 protocol. This document defines two
new Remote Authentication Dial In User Service (RADIUS) attributes
that carry CE or mB4 configuration information from an AAA server to
BNG.

Status of This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current
Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on August 4, 2018.

Copyright Notice

Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

Table of Contents

1.  Introduction
2.  Terminology
3.  Configuration process with RADIUS
4.  Attributes
  4.1.  Softwire46-Configuration Attribute
  4.2.  S46 Container Options
  4.3.  Sub Options for S46 Container Option
    4.3.1.  S46-Rule Sub Option
    4.3.2.  S46-BR Sub Option
    4.3.3.  S46-DMR Sub Option
    4.3.4.  S46-V4V6Bind Sub Option
    4.3.5.  S46-PORTPARAMS Sub Option
  4.4.  Sub Options for S46-Rule Sub Option
    4.4.1.  Rule-IPv6-Prefix Sub Option
    4.4.2.  Rule-IPv4-Prefix Sub Option
    4.4.3.  EA Length Sub Option
  4.5.  Sub Options for S46-v4v6Bind Sub Option
    4.5.1.  The IPv4-address Sub Option
    4.5.2.  The Bind-IPv6-Prefix Sub Option
  4.6.  Sub Options for S46-PORTPARAMS Sub Option
    4.6.1.  The PSID-offset Sub Option
    4.6.2.  The PSID-len Sub Option
    4.6.3.  The PSID Sub Option
  4.7.  Softwire46 Sub Options Encapsulation
  4.8.  Softwire46-Priority Attribute
  4.9.  Softwire46-Multicast Attribute
    4.9.1.  ASM-Prefix64 TLV
    4.9.2.  SSM-Prefix64 TLV
    4.9.3.  U-Prefix64 TLV
  4.10. Table of attributes
5.  Diameter Considerations
6.  IANA Considerations
  6.1.  S46 Mechanisms and Their Identifying Option Codes
7.  Security Considerations
8.  Acknowledgements
9.  References
  9.1.  Normative References
  9.2.  Informative References
Additional Authors
Authors' Addresses

1. Introduction

Recently providers have started to deploy IPv6 and consider how to
transit to IPv6. Many IPv4 service continuity mechanisms based on
the Address plus Port (A+P) [RFC6346] have been proposed for running
IPv4 over IPv6-only infrastructure. Mapping of Address and Port with
Encapsulation (MAP-E) [RFC7597] and Mapping of Address and Port using
Translation (MAP-T) [RFC7599] are stateless mechanisms for running
IPv4 over IPv6-only infrastructure. Lightweight 4over6 [RFC7596] is
a hub-and-spoke IPv4-over-IPv6 tunneling mechanism, with complete
independence of IPv4 and IPv6 addressing.
MAP-E, MAP-T, and Lightweight 4over6 Customer Edge (CE) devices may be
provisioned by means of Dynamic Host Configuration Protocol for IPv6
(DHCPv6) [RFC3315]. In particular, the CE uses DHCPv6 options to
discover the Border Relay (BR) and retrieve Softwire46 (S46)
configurations.

[RFC8114] specifies a generic solution for delivery of IPv4 multicast
services to IPv4 clients over an IPv6 multicast network. The
solution also applies to lw4o6 and MAP-E. [RFC8115] defines a
DHCPv6 PREFIX64 option to convey the IPv6 prefixes to be used for
constructing IPv4-embedded IPv6 addresses to inform the mB4 element
of the PREFIX64. The following lists the multicast-related
information that needs to be provisioned:

o  ASM Multicast Prefix64: the IPv6 multicast prefix to be used to
   synthesize the IPv4-embedded IPv6 addresses of the multicast
   groups in the Any-Source Multicast (ASM) mode.

o  SSM Multicast Prefix64: the IPv6 multicast prefix to be used to
   synthesize the IPv4-embedded IPv6 addresses of the multicast
   groups in the Source-Specific Multicast (SSM) [RFC4607] mode.

o  Unicast Prefix64: the IPv6 unicast prefix to be used in SSM mode
   for constructing the IPv4-embedded IPv6 addresses representing the
   IPv4 multicast sources in the IPv6 domain. Unicast Prefix64 may
   also be used to extract the IPv4 address from the received
   multicast data flows. The address mapping follows the guidelines
   documented in [RFC6052].

In many networks, user configuration information may be stored in an
Authentication, Authorization, and Accounting (AAA) server.
Currently, the AAA servers communicate using the Remote
Authentication Dial In User Service (RADIUS) [RFC2865] protocol. In
a fixed line broadband network, a Broadband Network Gateway (BNG)
acts as the access gateway of users.
The BNG is assumed to embed a DHCPv6 server function that allows it to
locally handle any DHCPv6 requests initiated by hosts.

Since the S46 configuration information is stored in AAA servers
and user configuration information is mainly transmitted through the
DHCPv6 protocol between the BNGs and hosts/CEs, new RADIUS attributes
are needed to propagate the information from the AAA servers to BNGs.
The RADIUS attributes designed in this document are especially for
MAP-E [RFC7597], MAP-T [RFC7599] and Lightweight 4over6 [RFC7596],
providing enough information to form the corresponding DHCPv6
configuration options [RFC7598]. In Section 4.9, a new RADIUS
attribute is defined to be used for carrying the
Multicast-Prefixes-64, based on the equivalent DHCPv6 option already
specified in [RFC8115].

2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].

The terms DS-Lite multicast Basic Bridging BroadBand element (mB4)
and the DS-Lite multicast Address Family Transition Router element
(mAFTR) are defined in [RFC8114].

3. Configuration process with RADIUS

Figure 1 below illustrates how the RADIUS protocol and DHCPv6
cooperate to provide the CE with MAP configuration information. The
BNG acts as a RADIUS client and DHCPv6 server.

     CE                             BNG                        AAA Server
     |                               |                               |
     |-------1.DHCPv6 Solicit------->|                               |
     |(ORO w/container option code)  |                               |
     |                               |-------2.Access-Request------->|
     |                               | (S46-Configuration attribute  |
     |                               |and/or S46-Multicast attribute)|
     |                               |<------3.Access-Accept---------|
     |<---4.DHCPv6 Advertisement-----| (S46-Configuration attribute  |
     |      (container option)       |and/or S46-Multicast attribute)|
     |-------5.DHCPv6 Request------->|                               |
     |      (container Option)       |                               |
     |<------6.DHCPv6 Reply----------|                               |
     |      (container option)       |                               |
     |                               |                               |
                  DHCPv6                          RADIUS

   Figure 1: the cooperation between DHCPv6 and RADIUS combining with
                         RADIUS authentication

1. First, the CE may initiate a DHCPv6 Solicit message that includes
an Option Request option (6) [RFC3315] with the S46 Container option
codes as defined in [RFC7598]. As described in [RFC7598],
OPTION_S46_CONT_MAPE should be included for MAP-E [RFC7597],
OPTION_S46_CONT_MAPT for MAP-T [RFC7599], and OPTION_S46_CONT_LW for
Lightweight 4over6 [RFC7596]. For the multicast case,
OPTION_V6_PREFIX64 should be included for the delivery of multicast
services in the context of transition to IPv6. Note, however, that
the ORO (Option Request option) with the S46 Container option code
could be optional if the network was planned as being S46-enabled by
default.

2. When the BNG receives the Solicit message, it should send a
RADIUS Access-Request message to the RADIUS server, requesting
authentication as defined in [RFC2865]. In that message, the
User-Name attribute (1) should be filled with the CE MAC address, the
interface-id, or both, and the User-Password attribute (2) should be
filled with the shared password that has been preconfigured on the
DHCPv6 server. The message carries the corresponding
Softwire46-Configuration Attribute or Softwire46-Multicast Attribute,
which are defined in the next section.

3. If the authentication request is approved by the AAA server, an
Access-Accept message MUST be acknowledged with the corresponding
Softwire46-Configuration Attribute or Softwire46-Multicast Attribute.

4. After receiving the Access-Accept message with the corresponding
Attribute, the BNG SHOULD respond to the DHCPv6 Client (CE) with an
Advertisement message.

5. After receiving the Advertise message, the CE MAY request the
corresponding S46 Container option, by including the S46 Container
option in the Request message.

6. After receiving the client's Request message, containing the
corresponding S46 Container option, the BNG SHOULD reply to the CE
with the message containing the S46 Container option. The
recommended format of the MAC address is defined as
Calling-Station-Id (Section 3.20 in [RFC3580]) without the SSID
(Service Set Identifier) portion.

For Lightweight 4over6 [RFC7596], the subscriber's binding state
should be synchronized between the AAA server and lwAFTR. If the
bindings are pre-configured statically, in both the AAA server and
lwAFTR, an AAA server does not need to configure the lwAFTR anymore.
Otherwise, if the bindings are locally created on-demand in an AAA
server, it should inform the lwAFTR of the subscriber's binding
state, in order to synchronize the binding information of the lwB4
with the lwAFTR.

The authorization operation could also be done independently after
the authentication process. In such a scenario, after the
authentication operation, the client MAY initiate a DHCPv6 Request
message that includes the corresponding S46 Container options.
Similar to the above scenario, the ORO with the corresponding S46
Container option code in the initial DHCPv6 request could be optional
if the network was planned as being S46-enabled by default.
When the BNG receives the DHCPv6 Request, it SHOULD initiate the
RADIUS Access-Request message, which MUST contain a Service-Type
attribute (6) with the value Authorize Only (17), the corresponding
Softwire46-Configuration Attribute, and a State attribute obtained
from the previous authentication process according to [RFC5080]. If
the authorization request is approved by an AAA server, an
Access-Accept message MUST be acknowledged with the corresponding
Softwire46-Configuration Attribute. The BNG SHOULD then send the
DHCPv6 Reply message containing the S46 Container option.

In both the above-mentioned scenarios, Message-Authenticator (type
80) [RFC2869] SHOULD be used to protect both Access-Request and
Access-Accept messages.

If the BNG does not receive the corresponding
Softwire46-Configuration Attribute in the Access-Accept message, it
MAY fall back to a pre-configured default S46 configuration, if any.

If the BNG does not have any pre-configured default S46
configuration, or if the BNG receives an Access-Reject, then the S46
connection cannot be established.

As specified in [RFC3315], Section 18.1.4, "Creation and Transmission
of Rebind Messages", if the DHCPv6 server to which the DHCPv6 Renew
message was sent at time T1 has not responded by time T2, the CE
(DHCPv6 client) SHOULD enter the Rebind state and attempt to contact
any available server. In this situation, the secondary BNG receiving
the DHCPv6 message MUST initiate a new Access-Request message towards
the AAA server. The secondary BNG MAY include the
Softwire46-Configuration Attribute in its Access-Request message.

4. Attributes

This section defines the Softwire46-Configuration Attribute,
Softwire46-Priority Attribute, and Softwire46-Multicast Attribute.
The attribute design follows [RFC6158] and refers to [RFC6929].

The Softwire46-Configuration Attribute carries the configuration
information for MAP-E, MAP-T, and Lightweight 4over6. The
configuration information for each S46 mechanism is carried in the
corresponding S46 Container option. Different sub options are
required for each type of S46 Container option. The RADIUS attribute
for Dual-Stack Lite [RFC6333] is defined in [RFC6519].

A client may be capable of supporting several different S46
mechanisms. Depending on the deployment scenario, a client might
request more than one S46 mechanism at a time. The
Softwire46-Priority Attribute contains information allowing the
client to prioritize which mechanism to use, corresponding to
OPTION_S46_PRIORITY defined in [RFC8026].

The Softwire46-Multicast Attribute conveys the IPv6 prefixes to be
used in [RFC8114] to synthesize IPv4-embedded IPv6 addresses. The
BNG SHALL use the IPv6 prefixes returned in the RADIUS
Softwire46-Multicast Attribute to populate the DHCPv6 PREFIX64 Option
[RFC8115].

4.1. Softwire46-Configuration Attribute

The Softwire46-Configuration Attribute can only encapsulate S46
Container Option(s). The Softwire46-Configuration Attribute is
structured as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Type     |     Length    |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   +                    S46 Container Option(s)                    +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type
      TBD
   Length
      2 + the length of the S46 Container option(s)
      specified in octets
   S46 Container Option(s)
      A variable field that may contain one or more S46 Container
      option(s), defined in Section 4.2.

4.2. S46 Container Options

The S46 Container Option can only be encapsulated in the
Softwire46-Configuration Attribute.
Depending on the deployment scenario, a client might request more than
one transition mechanism at a time. There MUST be at least one S46
Container option encapsulated in one Softwire46-Configuration
Attribute. There MUST be at most one instance of each type of S46
Container Option encapsulated in one Softwire46-Configuration
Attribute.

                      /
                     /                         | 1.Rule-IPv6-Prefix
                     |                         |   Sub Option
                     | 1.S46-Rule Sub Option --+ 2.Rule-IPv4-Prefix
                     |                         |   Sub Option
                     | 2.S46-BR Sub Option     | 3.EA Length Sub
S46 Container Option-+ 3.S46-DMR Sub Option    \   Option
                     |
                     |                              /1.IPv4-address
                     |                              |  Sub Option
                     | 4.S46-v4v6Bind Sub Option ---| 2.Bind-IPv6-Prefix
                     |                              \  Sub Option
                     |                                /1.PSID-offset
                     |                                |  Sub Option
                     | 5.S46-PORTPARAMS Sub Option ---| 2.PSID-len
                     |                                |  Sub Option
                     \                                \3.PSID Sub
                                                         Option

              Figure 2: S46 Container Option Hierarchy

There are three types of S46 Container Options, namely the MAP-E
Container Option, the MAP-T Container Option, and the Lightweight
4over6 Container Option. Each type of S46 Container Option contains a
number of sub options, defined in Section 4.3. The hierarchy of the
S46 Container Option is shown in Figure 2. Section 4.5 describes
which Sub Options are mandatory, optional, or not permitted for each
defined S46 Container Option.

There are three types of S46-Rule Sub Options, namely Basic Mapping
Rule, Forwarding Mapping Rule, and Basic and Forwarding Mapping Rule.
Each type of S46-Rule Sub Option also contains a number of Sub
Options. The Rule-IPv6-Prefix Sub Option is necessary for every type
of S46-Rule Sub Option. It should appear once and only once.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Type     |     Length    |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   +                          Sub Options                          +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type
      TBD1 MAP-E Container Option
      TBD2 MAP-T Container Option
      TBD3 Lightweight 4over6 Container Option
   Length
      2 + the length of the Sub Options specified in octets
   Sub Option
      A variable field that contains necessary sub options defined
      in Section 4.3 and zero or several optional sub options,
      defined in Section 4.4.

   NOTE: The Type values for each S46 Container Option are the same
   as the S46-option-code values of the corresponding S46 Mechanisms
   specified in Section 6.1.

4.3. Sub Options for S46 Container Option

4.3.1. S46-Rule Sub Option

The S46-Rule Sub Option can only be encapsulated in the MAP-E
Container Option or the MAP-T Container Option. Depending on
deployment scenario, one Basic Mapping Rule and zero or more
Forwarding Mapping Rules MUST be included in one MAP-E Container
Option or MAP-T Container Option.

Each type of S46-Rule Sub Option also contains a number of sub
options, including Rule-IPv6-Prefix Sub Option, Rule-IPv4-Prefix Sub
Option, and EA Length Sub Option. The structure of the sub options
for S46-Rule Sub Option is defined in section 4.4.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |     SubLen    |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   +                          Sub Options                          +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      1 Basic Mapping Rule (Not Forwarding Mapping Rule)
      2 Forwarding Mapping Rule (Not Basic Mapping Rule)
      3 Basic & Forwarding Mapping Rule
   SubLen
      2 + the length of the Sub Options specified in octets
   Sub Option
      A variable field that contains sub options defined in
      Section 4.4.

4.3.2. S46-BR Sub Option

The S46-BR Sub Option can only be encapsulated in the MAP-E Container
Option or the Lightweight 4over6 Container Option. There MUST be at
least one S46-BR Sub Option included in each MAP-E Container Option
or Lightweight 4over6 Container Option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |     SubLen    |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   |                        BR-ipv6-address                        |
   |                                                               |
   +                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      4 (SubType number, for the S46-BR sub option)
   SubLen
      18 (the length of the S46-BR sub option)
   BR-ipv6-address
      a fixed-length field of 16 octets that specifies the IPv6
      address for the S46 BR.

4.3.3. S46-DMR Sub Option

The S46-DMR Sub Option can only appear in the MAP-T Container Option.
There MUST be exactly one S46-DMR Sub Option included in one MAP-T
Container Option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |     SubLen    |    Reserved   |dmr-prefix6-len|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        dmr-ipv6-prefix                        |
   |                       (variable length)                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      5 (SubType number, for the S46-DMR Sub Option)
   SubLen
      4 + length of dmr-ipv6-prefix specified in octets
   Reserved
      This field is reserved. It should be set to all zero.
   dmr-prefix6-len
      8 bits long; expresses the bitmask length of the IPv6
      prefix specified in the dmr-ipv6-prefix field. Allowed
      values range from 0 to 96.
   dmr-ipv6-prefix
      a variable-length field specifying the IPv6 prefix or address
      for the BR. This field is right-padded with zeros to the
      nearest octet boundary when dmr-prefix6-len is not divisible
      by 8.

4.3.4. S46-V4V6Bind Sub Option

The S46-V4V6Bind Sub Option can only be encapsulated in the
Lightweight 4over6 Container Option. There MUST be at most one
S46-V4V6Bind Sub Option included in each Lightweight 4over6 Container
Option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |     SubLen    |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   +                          Sub Options                          +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      6 (SubType number, for the S46-V4V6Bind sub option)
   SubLen
      2 + the length of the Sub Options specified in octets
   Sub Option
      A variable field that contains sub options defined in
      Section 4.5.

4.3.5. S46-PORTPARAMS Sub Option

The S46-PORTPARAMS Sub Option specifies optional port set information
that MAY be provided to CEs.
The S46-PORTPARAMS sub option can be included optionally by each type
of S46 Container Option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |     SubLen    |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   +                          Sub Options                          +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      7 (SubType number, for the S46-PORTPARAMS Sub Option)
   SubLen
      2 + the length of the Sub Options specified in octets
   Sub Option
      A variable field that contains sub options defined in
      Section 4.6.

4.4. Sub Options for S46-Rule Sub Option

4.4.1. Rule-IPv6-Prefix Sub Option

The Rule-IPv6-Prefix Sub Option is necessary for every S46-RULE sub
option. There MUST be exactly one S46-IPv6-Prefix Sub Option
encapsulated in each type of S46-Rule Sub Option.

The IPv6 Prefix sub option follows the framed IPv6 prefix format
designed in [RFC3162].

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |     SubLen    |    Reserved   |ruleprefix6-len|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                        rule-ipv6-prefix                       |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      8 (SubType number, for the Rule-IPv6-Prefix Sub Option)
   SubLen
      20 (the length of the Rule-IPv6-Prefix Sub Option)
   Reserved
      This field is reserved. It is always set to zero. This field
      is one octet in length.
   ruleprefix6-len
      the length of IPv6 prefix, specified in the rule-ipv6-prefix
      field, expressed in bits.
   rule-ipv6-prefix
      a 128-bit field that specifies an IPv6 prefix that appears
      in a MAP rule.

4.4.2. Rule-IPv4-Prefix Sub Option

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |     SubLen    |    Reserved   |  prefix4-len  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        rule-ipv4-prefix                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      9 (SubType number, for the Rule-IPv4-Prefix Sub Option)
   SubLen
      8 (the length of the Rule-IPv4-Prefix Sub Option)
   Reserved
      This field is reserved. It is always set to zero. This field
      is one octet in length.
   Prefix4-len
      the length of IPv4 prefix, specified in the rule-ipv4-prefix
      field, expressed in bits.
   rule-ipv4-prefix
      a 32-bit field that specifies an IPv4 prefix that appears
      in a MAP rule.

4.4.3. EA Length Sub Option

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |     SubLen    |             EA-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      10 (SubType number, for the EA Length Sub Option)
   SubLen
      4 (the length of the EA Length Sub Option)
   EA-len
      16-bit field that specifies the Embedded-Address (EA)
      bit length. Allowed values range from 0 to 48.

4.5. Sub Options for S46-v4v6Bind Sub Option

4.5.1. The IPv4-address Sub Option

The IPv4-address Sub Option MAY be used to specify the full or shared
IPv4 address of the CE.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |     SubLen    |          ipv4-address         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          ipv4-address         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      11 (SubType number, for the IPv4-address Sub Option)
   SubLen
      6 (the length of the Rule-IPv4-Prefix Sub Option)
   ipv4-address
      a 32-bit field that specifies an IPv4 address that appears
      in the V4V6Bind Option

4.5.2. The Bind-IPv6-Prefix Sub Option

The IPv6 prefix field specified in this field is used by the CE to
identify the correct prefix to use for the tunnel source.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |     SubLen    |    Reserved   |bindprefix6-len|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                        bind-ipv6-prefix                       |
   |                       (variable length)                       |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      12 (SubType number, for the Bind-IPv6-Prefix Sub Option)
   SubLen
      20 (the length of the Bind-IPv6-Prefix Sub Option)
   Reserved
      This field is reserved. It is always set to zero. This field
      is one octet in length.
   bindprefix6-len
      8 bits long; expresses the bitmask length of the IPv6 prefix
      specified in the bind-ipv6-prefix field. Allowed values range
      from 0 to 96.
   bind-ipv6-prefix
      a variable-length field specifying the IPv6 prefix or address
      for the S46 CE. This field is right-padded with zeros to the
      nearest octet boundary when bindprefix6-len is not divisible
      by 8.

4.6. Sub Options for S46-PORTPARAMS Sub Option

4.6.1. The PSID-offset Sub Option

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |     SubLen    |  PSID-Offset  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      13 (SubType number, for the PSID-offset Sub Option)
   SubLen
      3 (the length of the PSID-offset Sub Option)
   PSID Offset
      8-bit field that specifies the numeric value for the
      S46 algorithm's excluded port range/offset bits (a bits),
      as per Section 5.1 of RFC7597. Allowed values are between
      0 and 15. Default values for this field are specific to the
      Softwire mechanism being implemented and are defined in the
      relevant specification document.

4.6.2. The PSID-len Sub Option

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |     SubLen    |    PSID-len   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      14 (SubType number, for the PSID-len Sub Option)
   SubLen
      3 (the length of the PSID-len Sub Option)
   PSID-len
      8 bits long; specifies the number of significant bits in
      the PSID field (also known as 'k'). When set to 0, the
      PSID field is to be ignored. After the first 'a' bits,
      there are k bits in the port number representing the value
      of the PSID. Subsequently, the address sharing ratio would
      be 2^k.

4.6.3. The PSID Sub Option

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    SubType    |     SubLen    |              PSID             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   SubType
      15 (SubType number, for the PSID Sub Option)
   SubLen
      4 (the length of the PSID Sub Option)
   PSID (Port-set ID)
      Explicit 16-bit (unsigned word) PSID value. The PSID value
      algorithmically identifies a set of ports assigned to a CE.
         The first k bits on the left of this 2-octet field are the
         PSID value.  The remaining (16-k) bits on the right are
         padding zeros.

4.7.  Softwire46 Sub Options Encapsulation

   The table below shows which encapsulated Sub Options are mandatory,
   optional, or not permitted for each defined S46 Container Option.

      +----------------+-------+-------+--------------------+
      | Sub Option     | MAP-E | MAP-T | Lightweight 4over6 |
      +----------------+-------+-------+--------------------+
      | S46-BR         |   M   |  N/P  |         M          |
      +----------------+-------+-------+--------------------+
      | S46-Rule       |   M   |   M   |        N/P         |
      +----------------+-------+-------+--------------------+
      | S46-DMR        |  N/P  |   M   |        N/P         |
      +----------------+-------+-------+--------------------+
      | S46-V4V6Bind   |  N/P  |  N/P  |         O          |
      +----------------+-------+-------+--------------------+
      | S46-PORTPARAMS |   O   |   O   |         O          |
      +----------------+-------+-------+--------------------+

      M - Mandatory, O - Optional, N/P - Not Permitted

4.8.  Softwire46-Priority Attribute

   The S46-Priority Attribute is structured as follows:

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |        S46-option-code        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |              ...              |        S46-option-code        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type
         TBD
      Length
         2 + the length of the S46-option-code(s) specified in octets
      S46-option-code
         16-bit IANA-registered option code of the DHCPv6 option that
         is used to identify the softwire mechanisms.  S46 mechanisms
         are prioritized in the appearance order of the
         S46-option-code(s) in the Softwire46-Priority Attribute.
         A Softwire46-Priority Attribute MUST contain at least one
         S46-option-code.  The option codes of the corresponding S46
         mechanisms are listed in Section 6.1.
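   The following added example (not part of this draft) shows how a
   receiver could validate the PSID-offset, PSID-len and PSID Sub
   Options of Section 4.6 and derive the resulting port set with the
   algorithm of Section 5.1 of RFC 7597.  The function names, the
   requirement that all three Sub Options appear back to back, and the
   sample bytes are assumptions of the example.

```python
# SubType -> SubLen, as listed in Sections 4.6.1 to 4.6.3 of this document.
PSID_OFFSET, PSID_LEN, PSID = 13, 14, 15
SUBLEN = {PSID_OFFSET: 3, PSID_LEN: 3, PSID: 4}


class SubOptionError(ValueError):
    """AAA-supplied port parameters failed validation."""


def parse_portparams(buf: bytes) -> dict:
    """Decode back-to-back PSID Sub Options into {'a', 'k', 'psid'}."""
    seen, pos = {}, 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise SubOptionError("truncated Sub Option header")
        subtype, sublen = buf[pos], buf[pos + 1]
        if subtype not in SUBLEN or subtype in seen:
            raise SubOptionError(f"unexpected or repeated SubType {subtype}")
        if sublen != SUBLEN[subtype] or pos + sublen > len(buf):
            raise SubOptionError(f"bad SubLen {sublen} for SubType {subtype}")
        seen[subtype] = int.from_bytes(buf[pos + 2:pos + sublen], "big")
        pos += sublen
    if set(seen) != set(SUBLEN):          # assumption: all three are required
        raise SubOptionError("PSID-offset, PSID-len and PSID must all be present")
    a, k, field = seen[PSID_OFFSET], seen[PSID_LEN], seen[PSID]
    if a > 15:
        raise SubOptionError("PSID-offset outside the allowed range 0..15")
    if a + k > 16:
        raise SubOptionError("offset bits plus PSID bits exceed a 16-bit port")
    # With k = 0 the PSID field is ignored, so its padding is not checked.
    if k and field & ((1 << (16 - k)) - 1):
        raise SubOptionError("padding bits to the right of the PSID are not zero")
    return {"a": a, "k": k, "psid": field >> (16 - k)}


def port_ranges(a: int, k: int, psid: int) -> list:
    """Contiguous port ranges owned by one PSID (RFC 7597, Section 5.1)."""
    m = 16 - a - k                        # each range holds 2^m ports
    first_i = 1 if a > 0 else 0           # i = 0 is the excluded low range
    ranges = []
    for i in range(first_i, 1 << a):
        start = (i << (16 - a)) | (psid << m)
        ranges.append((start, start + (1 << m) - 1))
    return ranges


def overlapping_ports(p1: dict, p2: dict) -> int:
    """Count ports that two CEs sharing one IPv4 address would both own."""
    def ports(p):
        return {n for lo, hi in port_ranges(**p) for n in range(lo, hi + 1)}
    return len(ports(p1) & ports(p2))


# Constructed sample values (not taken from a real deployment).
CE1 = parse_portparams(bytes.fromhex("0d0306" "0e0308" "0f043400"))  # a=6 k=8
CE2 = parse_portparams(bytes.fromhex("0d0306" "0e0308" "0f043500"))  # next PSID
CE3 = parse_portparams(bytes.fromhex("0d0306" "0e0307" "0f043400"))  # k=7

if __name__ == "__main__":
    print(CE1, port_ranges(**CE1)[:2], len(port_ranges(**CE1)))
    print("CE1/CE2 shared ports:", overlapping_ports(CE1, CE2))
    print("CE1/CE3 shared ports:", overlapping_ports(CE1, CE3))
```

   CE1 and CE3 carry the same 16-bit PSID field but different PSID-len
   values, which is enough to make their port sets collide; comparing
   port sets before provisioning catches that kind of mismatch.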
4.9.  Softwire46-Multicast Attribute

   The Softwire46-Multicast attribute conveys the IPv6 prefixes to be
   used in [RFC8114] to synthesize IPv4-embedded IPv6 addresses.  The
   BNG SHALL use the IPv6 prefixes returned in the RADIUS
   Softwire46-Multicast attribute to populate the DHCPv6 PREFIX64 Option
   [RFC8115].

   This attribute MAY be used in Access-Request packets as a hint to the
   RADIUS server, for example, if the BNG is pre-configured with
   Softwire46-Multicast, these prefixes MAY be inserted in the
   attribute.  The RADIUS server MAY ignore the hint sent by the BNG,
   and it MAY assign a different Softwire46-Multicast attribute.

   The Softwire46-Multicast Attribute MAY appear in an Access-Accept
   packet.  It MAY also appear in an Access-Request packet.

   The Softwire46-Multicast Attribute MAY appear in a CoA-Request
   packet.

   The Softwire46-Multicast Attribute MAY appear in an Accounting-
   Request packet.

   The Softwire46-Multicast Attribute MUST NOT appear in any other
   RADIUS packet.

   This attribute is of type "TLV" as defined in the RADIUS Protocol
   Extensions [RFC6929].  It contains some sub-attributes:

   o  The Softwire46-Multicast Attribute MAY contain the ASM-Prefix64
      TLV (see Section 4.9.1).

   o  The Softwire46-Multicast Attribute MAY contain the SSM-Prefix64
      TLV (see Section 4.9.2).

   o  The Softwire46-Multicast Attribute MAY contain the U-Prefix64 TLV
      (see Section 4.9.3).

   The Softwire46-Multicast Attribute MUST include the ASM-Prefix64 TLV
   or the SSM-Prefix64 TLV, and it MAY include both.

   The U-Prefix64 TLV MUST be present when the SSM-Prefix64 TLV is
   present.  The U-Prefix64 TLV MAY be present when the ASM-Prefix64 TLV
   is present.

   The format of the Softwire46-Multicast Attribute is shown in
   Figure 3.
       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     | Extended-Type |    Value ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 3

   Type

      241 (To be confirmed by IANA).

   Length

      This field indicates the total length in bytes of all fields of
      this attribute, including the Type, Length, Extended-Type, and the
      entire length of the embedded TLVs.

   Extended-Type

      TBD1.

   Value

      This field contains a set of TLVs as follows:

      ASM-Prefix64 TLV

         This TLV contains the ASM IPv6 prefix.  Refer to Section 4.9.1.

      SSM-Prefix64 TLV

         This TLV contains the SSM IPv6 prefix.  Refer to Section 4.9.2.

      U-Prefix64 TLV

         This TLV contains the IPv4 prefix used for address translation
         [RFC6052].  Refer to Section 4.9.3.

   Softwire46-Multicast Attribute is associated with the following
   identifier: 241.Extended-Type(TBDx).

4.9.1.  ASM-Prefix64 TLV

   The format of ASM-Prefix64 TLV is shown in Figure 4.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |   TLV-Type    |   Reserved    | Prefix-Length |ASM Prefix64 ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                        ASM Prefix64                       ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                        ASM Prefix64                       ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                        ASM Prefix64                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 4

   TLV-Type

      1

   Reserved

      This field is reserved.  It is always set to zero.  This field is
      one octet in length.

   Length

      The length of the prefix, in bits.

   ASM Prefix64

      IPv6 prefix.
      This field specifies the IPv6 multicast prefix to be
      used to synthesize the IPv4-embedded IPv6 addresses of the
      multicast groups in the ASM mode.  The conveyed multicast IPv6
      prefix MUST belong to the ASM range.

4.9.2.  SSM-Prefix64 TLV

   The format of SSM-Prefix64 TLV is shown in Figure 5.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |   TLV-Type    |   Reserved    | Prefix-Length |SSM Prefix64 ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                        SSM Prefix64                       ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                        SSM Prefix64                       ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                        SSM Prefix64                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 5

   TLV-Type

      2

   Reserved

      This field is reserved.  It is always set to zero.  This field is
      one octet in length.

   Length

      The length of the prefix, in bits.

   SSM Prefix64

      IPv6 prefix.  This field specifies the IPv6 multicast prefix to be
      used to synthesize the IPv4-embedded IPv6 addresses of the
      multicast groups in the SSM mode.  The conveyed multicast IPv6
      prefix MUST belong to the SSM range.

4.9.3.  U-Prefix64 TLV

   The format of U-Prefix64 TLV is shown in Figure 6.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |   TLV-Type    |   Reserved    | Prefix-Length |Unicast Prefix64
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                      Unicast Prefix64                     ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                      Unicast Prefix64                     ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ...                      Unicast Prefix64                       |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                                 Figure 6

   TLV-Type

      3

   Reserved

      This field is reserved.  It is always set to zero.  This field is
      one octet in length.

   Length

      The length of the prefix, in bits.

   Unicast Prefix64

      IPv6 prefix.  This field identifies the IPv6 unicast prefix to be
      used in SSM mode for constructing the IPv4-embedded IPv6 addresses
      representing the IPv4 multicast sources in the IPv6 domain.  It
      may also be used to extract the IPv4 address from the received
      multicast data flows.

4.10.  Table of attributes

   The following table provides a guide to which attributes may be found
   in which kinds of packets, and in what quantity.

   Request Accept Reject Challenge Accounting  #    Attribute
                                   Request
   0-1     0-1    0      0         0-1         TBD1 Softwire46-
                                                    Configuration
   0-1     0-1    0      0         0-1         TBD2 Softwire46-
                                                    Priority
   0-1     0-1    0      0         0-1         TBD3 Softwire46-
                                                    Multicast
   0-1     0-1    0      0         0-1         1    User-Name
   0-1     0      0      0         0           2    User-Password
   0-1     0-1    0      0         0-1         6    Service-Type
   0-1     0-1    0-1    0-1       0-1         80   Message-
                                                    Authenticator

   The following table defines the meaning of the above table entries.

   0     This attribute MUST NOT be present in packet.
   0+    Zero or more instances of this attribute MAY be present in
         packet.
   0-1   Zero or one instance of this attribute MAY be present in
         packet.
   1     Exactly one instance of this attribute MUST be present in
         packet.

5.  Diameter Considerations

   S46 Configuration using Diameter [RFC6733] is specified in [RFC7678].

6.  IANA Considerations

   This document requires the assignment of two new RADIUS Attribute
   Types in the "Radius Types" registry (currently located at
   http://www.iana.org/assignments/radius-types) for the following
   attributes:

   o  Softwire46-Configuration Attribute TBD1

   o  Softwire46-Priority Attribute TBD2

   o  Softwire46-Multicast Attribute TBD3

   IANA should allocate the numbers from the standard RADIUS Attributes
   space using the "IETF Review" policy [RFC5226].

6.1.  S46 Mechanisms and Their Identifying Option Codes

   The Softwire46-Priority Attribute defines a 16-bit S46-option-code
   field, for which IANA is to create and maintain a new registry
   entitled "Option Codes Permitted in the Softwire46-Priority
   Attribute".  This document requires IANA to register four option
   codes of the Softwire46 mechanisms permitted to be included in the
   Softwire46-Priority Attribute.  Additional options may be added to
   this list in the future using the IETF Review process described in
   Section 4.1 of [RFC5226].

   The following table shows the option codes that are required and the
   S46 mechanisms that they represent.  The option code for DS-Lite is
   derived from the IANA allocated RADIUS Attribute Type value for DS-
   Lite [RFC6519].  The option codes for MAP-E, MAP-T and Lightweight
   4over6 need to be determined.  The option codes for MAP-E, MAP-T, and
   Lightweight 4over6 should also be used as the option Type values for
   the MAP-E, MAP-T, and Lightweight 4over6 Container Options defined in
   Section 4.2.
      +-------------+------------------+-----------+
      | Option Code |  S46 Mechanism   | Reference |
      +-------------+------------------+-----------+
      |    TBD1     |      MAP-E       |  RFC7597  |
      +-------------+------------------+-----------+
      |    TBD2     |      MAP-T       |  RFC7599  |
      +-------------+------------------+-----------+
      |    TBD3     |Lightweight 4over6|  RFC7596  |
      +-------------+------------------+-----------+
      |    144      |     DS-Lite      |  RFC6519  |
      +-------------+------------------+-----------+

              Table 1: Option Codes to S46 Mechanisms

7.  Security Considerations

   Known security vulnerabilities of the RADIUS protocol are discussed
   in [RFC2607], [RFC2865], and [RFC2869].  Use of IPsec [RFC4301] for
   providing security when RADIUS is carried in IPv6 is discussed in
   [RFC3162].

   A malicious user may use MAC address spoofing on the shared password
   that has been preconfigured on the DHCPv6 server to get unauthorized
   configuration information.

   Security considerations specific to MAP between the MAP CE and the
   BNG are discussed in [RFC7597].  Security considerations for
   Lightweight 4over6 are discussed in [RFC7596].  Security
   considerations for DHCPv6-Based S46 Prioritization Mechanism are
   discussed in [RFC8026].  Furthermore, generic DHCPv6 security
   mechanisms can be applied to DHCPv6 intercommunication between the CE
   and the BNG.

   Security considerations for the Diameter protocol are discussed in
   [RFC6733].

8.  Acknowledgements

   The authors would like to thank the valuable comments made by Peter
   Lothberg, Wojciech Dec, Ian Farrer, Suresh Krishnan, Qian Wang, Wei
   Meng and Cui Wang for this document.  This document was merged with
   draft-sun-softwire-lw4over6-radext-01 and draft-wang-radext-
   multicast-radius-ext-00, thanks to everyone who contributed to this
   draft.

   This document was produced using the xml2rfc tool [RFC7991].

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
              "Remote Authentication Dial In User Service (RADIUS)",
              RFC 2865, DOI 10.17487/RFC2865, June 2000.

   [RFC3162]  Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6",
              RFC 3162, DOI 10.17487/RFC3162, August 2001.

   [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
              C., and M. Carney, "Dynamic Host Configuration Protocol
              for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
              2003.

   [RFC4607]  Holbrook, H. and B. Cain, "Source-Specific Multicast for
              IP", RFC 4607, DOI 10.17487/RFC4607, August 2006.

   [RFC5080]  Nelson, D. and A. DeKok, "Common Remote Authentication
              Dial In User Service (RADIUS) Implementation Issues and
              Suggested Fixes", RFC 5080, DOI 10.17487/RFC5080, December
              2007.

   [RFC6052]  Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X.
              Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052,
              DOI 10.17487/RFC6052, October 2010.

   [RFC6158]  DeKok, A., Ed. and G. Weber, "RADIUS Design Guidelines",
              BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011.

   [RFC6929]  DeKok, A. and A. Lior, "Remote Authentication Dial In User
              Service (RADIUS) Protocol Extensions", RFC 6929,
              DOI 10.17487/RFC6929, April 2013.

   [RFC8026]  Boucadair, M. and I. Farrer, "Unified IPv4-in-IPv6
              Softwire Customer Premises Equipment (CPE): A DHCPv6-Based
              Prioritization Mechanism", RFC 8026, DOI 10.17487/RFC8026,
              November 2016.

   [RFC8114]  Boucadair, M., Qin, C., Jacquenet, C., Lee, Y., and Q.
              Wang, "Delivery of IPv4 Multicast Services to IPv4 Clients
              over an IPv6 Multicast Network", RFC 8114,
              DOI 10.17487/RFC8114, March 2017.
   [RFC8115]  Boucadair, M., Qin, J., Tsou, T., and X. Deng, "DHCPv6
              Option for IPv4-Embedded Multicast and Unicast IPv6
              Prefixes", RFC 8115, DOI 10.17487/RFC8115, March 2017.

9.2.  Informative References

   [RFC2607]  Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy
              Implementation in Roaming", RFC 2607,
              DOI 10.17487/RFC2607, June 1999.

   [RFC2869]  Rigney, C., Willats, W., and P. Calhoun, "RADIUS
              Extensions", RFC 2869, DOI 10.17487/RFC2869, June 2000.

   [RFC3580]  Congdon, P., Aboba, B., Smith, A., Zorn, G., and J. Roese,
              "IEEE 802.1X Remote Authentication Dial In User Service
              (RADIUS) Usage Guidelines", RFC 3580,
              DOI 10.17487/RFC3580, September 2003.

   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
              Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
              December 2005.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", RFC 5226,
              DOI 10.17487/RFC5226, May 2008.

   [RFC6333]  Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
              Stack Lite Broadband Deployments Following IPv4
              Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011.

   [RFC6346]  Bush, R., Ed., "The Address plus Port (A+P) Approach to
              the IPv4 Address Shortage", RFC 6346,
              DOI 10.17487/RFC6346, August 2011.

   [RFC6519]  Maglione, R. and A. Durand, "RADIUS Extensions for Dual-
              Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February
              2012.

   [RFC6733]  Fajardo, V., Ed., Arkko, J., Loughney, J., and G. Zorn,
              Ed., "Diameter Base Protocol", RFC 6733,
              DOI 10.17487/RFC6733, October 2012.

   [RFC7596]  Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I.
              Farrer, "Lightweight 4over6: An Extension to the Dual-
              Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596,
              July 2015.
   [RFC7597]  Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S.,
              Murakami, T., and T. Taylor, Ed., "Mapping of Address and
              Port with Encapsulation (MAP-E)", RFC 7597,
              DOI 10.17487/RFC7597, July 2015.

   [RFC7598]  Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec,
              W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for
              Configuration of Softwire Address and Port-Mapped
              Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015.

   [RFC7599]  Li, X., Bao, C., Dec, W., Ed., Troan, O., Matsushima, S.,
              and T. Murakami, "Mapping of Address and Port using
              Translation (MAP-T)", RFC 7599, DOI 10.17487/RFC7599, July
              2015.

   [RFC7678]  Zhou, C., Taylor, T., Sun, Q., and M. Boucadair,
              "Attribute-Value Pairs for Provisioning Customer Equipment
              Supporting IPv4-Over-IPv6 Transitional Solutions",
              RFC 7678, DOI 10.17487/RFC7678, October 2015.

   [RFC7991]  Hoffman, P., "The "xml2rfc" Version 3 Vocabulary",
              RFC 7991, DOI 10.17487/RFC7991, December 2016.
Additional Authors

   Qiong Sun
   China Telecom
   Beijing China
   Email: sunqiong@ctbri.com.cn

   Qi Sun
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing 100084
   P.R.China
   Phone: +86-10-6278-5822
   Email: sunqibupt@gmail.com

   Cathy Zhou
   Huawei Technologies
   Bantian, Longgang District
   Shenzhen 518129
   Email: cathy.zhou@huawei.com

   Tina Tsou
   Huawei Technologies(USA)
   2330 Central Expressway
   Santa Clara, CA 95050
   USA
   Email: Tina.Tsou.Zouting@huawei.com

   ZiLong Liu
   Tsinghua University
   Beijing 100084
   P.R.China
   Phone: +86-10-6278-5822
   Email: liuzilong8266@126.com

   Yong Cui
   Tsinghua University
   Beijing 100084
   P.R.China
   Phone: +86-10-62603059
   Email: yong@csnet1.cs.tsinghua.edu.cn

Authors' Addresses

   Sheng Jiang
   Huawei Technologies Co., Ltd
   Q14, Huawei Campus, No.156 Beiqing Road
   Hai-Dian District, Beijing, 100095
   P.R. China

   Email: jiangsheng@huawei.com

   Yu Fu
   CNNIC
   No.4 South 4th Street, Zhongguancun
   Hai-Dian District, Beijing, 100190
   P.R. China

   Email: fuyu@cnnic.cn

   Bing Liu
   Huawei Technologies Co., Ltd
   Q14, Huawei Campus, No.156 Beiqing Road
   Hai-Dian District, Beijing, 100095
   P.R. China

   Email: leo.liubing@huawei.com

   Peter Deacon
   IEA Software, Inc.
   P.O. Box 1170
   Veradale, WA 99037
   USA

   Email: peterd@iea-software.com

   Chongfeng Xie
   China Telecom
   Beijing
   P.R. China

   Email: xiechf.bri@chinatelecom.cn

   Tianxiang Li
   Tsinghua University
   Beijing 100084
   P.R.China

   Email: peter416733@gmail.com

   Mohamed Boucadair
   Orange
   Rennes, 35000
   France

   Email: mohamed.boucadair@orange.com